STIGQter: STIG Summary: Windows 2008 Member Server Security Technical Implementation Guide Version: 6 Release: 43 Benchmark Date: 26 Jul 2019: Reversible password encryption is not disabled.

DISA Rule

SV-29689r1_rule

Vulnerability Number

V-2372

Group Title

Reversible Password Encryption

Rule Version

3.057

Severity

CAT II

CCI(s)

CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

Fix Recommendation

Configure the system to prevent passwords from being saved using reverse encryption.

Check Contents

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.
If the value for “Store password using reversible encryption” is not disabled, then this is a finding.

Vulnerability Number

V-2372

Documentable

False

Rule Version

3.057

Severity Override Guidance

Check Content Reference

Responsibility

System Administrator

Target Key

1340

STIGQter: STIG Summary: Windows 2008 Member Server Security Technical Implementation Guide Version: 6 Release: 43 Benchmark Date: 26 Jul 2019: Reversible password encryption is not disabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments